International Telecommunication Union
ITU-T H.248.93
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(10/2014)

SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMS
Infrastructure of audiovisual services – Communication procedures

Gateway control protocol: ITU-T H.248 support for control of transport security using the datagram transport layer security (DTLS) protocol

Recommendation ITU-T H.248.93

ITU-T H-SERIES RECOMMENDATIONS
AUDIOVISUAL AND MULTIMEDIA SYSTEMS

CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS  H.100–H.199
INFRASTRUCTURE OF AUDIOVISUAL SERVICES
  General  H.200–H.219
  Transmission multiplexing and synchronization  H.220–H.229
  Systems aspects  H.230–H.239
  Communication procedures  H.240–H.259
  Coding of moving video  H.260–H.279
  Related systems aspects  H.280–H.299
  Systems and terminal equipment for audiovisual services  H.300–H.349
  Directory services architecture for audiovisual and multimedia services  H.350–H.359
  Quality of service architecture for audiovisual and multimedia services  H.360–H.369
  Telepresence  H.420–H.429
  Supplementary services for multimedia  H.450–H.499
MOBILITY AND COLLABORATION PROCEDURES
  Overview of Mobility and Collaboration, definitions, protocols and procedures  H.500–H.509
  Mobility for H-Series multimedia systems and services  H.510–H.519
  Mobile multimedia collaboration applications and services  H.520–H.529
  Security for mobile multimedia systems and services  H.530–H.539
  Security for mobile multimedia collaboration applications and services  H.540–H.549
  Mobility interworking procedures  H.550–H.559
  Mobile multimedia collaboration inter-working procedures  H.560–H.569
BROADBAND, TRIPLE-PLAY AND ADVANCED MULTIMEDIA SERVICES
  Broadband multimedia services over VDSL  H.610–H.619
  Advanced multimedia services and applications  H.620–H.629
  Ubiquitous sensor network applications and Internet of Things  H.640–H.649
IPTV MULTIMEDIA SERVICES AND APPLICATIONS FOR IPTV
  General aspects  H.700–H.719
  IPTV terminal devices  H.720–H.729
  IPTV middleware  H.730–H.739
  IPTV application event handling  H.740–H.749
  IPTV metadata  H.750–H.759
  IPTV multimedia application frameworks  H.760–H.769
  IPTV service discovery up to consumption  H.770–H.779
  Digital Signage  H.780–H.789
E-HEALTH MULTIMEDIA SERVICES AND APPLICATIONS
  Interoperability compliance testing of personal health systems (HRN, PAN, LAN and WAN)  H.820–H.859
  Multimedia e-health data exchange services  H.860–H.869

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T H.248.93 (10/2014)

Recommendation ITU-T H.248.93

Gateway control protocol: ITU-T H.248 support for control of transport security using the datagram transport layer security (DTLS) protocol

Summary

Datagram transport layer security (DTLS) is a session layer protocol for securing IP transport protocols. DTLS bearer plane traffic could be terminated or forwarded by ITU-T H.248 media gateways. DTLS is derived from the transport layer security (TLS) protocol. Recommendation ITU-T H.248.93 provides information for DTLS support by ITU-T H.248 entities, with focus on the reuse of the “ITU-T H.248 TLS packages” (according to Recommendation ITU-T H.248.90) for DTLS. This Recommendation defines an ITU-T H.248 package extension to the TLS capability negotiation package for the support of DTLS-SRTP sessions.

History

Edition  Recommendation   Approval    Study Group  Unique ID*
1.0      ITU-T H.248.93   2014-10-14  16           11.1002/1000/12244

Keywords

ITU-T H.248, DTLS, TLS.

* To access the Recommendation, type the URL http://handle.itu.int/ in the address field of your web browser, followed by the Recommendation's unique ID. For example, http://handle.itu.int/11.1002/1000/11830-en.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary.
However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2015

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
  5.1 Conventions used in signalling flows
  5.2 DTLS endpoint notations
6 Use case descriptions
  6.1 Use cases related to DTLS transport modes
  6.2 Bearer connection network use cases with ITU-T H.248 IP-IP gateways
  6.3 Bearer connection network use cases with DTLS transport mode change
  6.4 Bearer connection network use cases with multiparty services
7 Models
  7.1 Network model from ITU-T H.248 entity point of view
  7.2 Bearer connection model
8 Basic session control package (for DTLS)
9 DTLS-specific stream endpoint interlinkage procedures
10 Capability negotiation package (for DTLS)
11 DTLS extended capabilities package
  11.1 Properties
  11.2 Events
  11.3 Signals
  11.4 Statistics
  11.5 Error codes
  11.6 Procedures
12 Session maintenance package (for DTLS)
13 Traffic volume metrics package (for DTLS)
14 Package-less DTLS control
  14.1 Related to DTLS authentication
Annex A – State modelling for DTLS bearer connection endpoints
Annex B – DTLS protocol layer: Data model
Appendix I – Sample use cases of DTLS bearer encryption
  I.1 Use cases for “application protocol agnostic DTLS handling”
  I.2 Use cases for “DTLS-based transport security for facsimile packet relay service ITU-T T.38”
  I.3 Use cases for “WebRTC data traffic”
  I.4 Use cases for “DTLS-based key exchange for SRTP”
Appendix II – Signalling flows for basic DTLS session establishment and release
  II.1 Overview
  II.2 Conventions
  II.3 Establishment of DTLS security sessions
  II.4 Release of DTLS security sessions
Bibliography

Recommendation ITU-T H.248.93

Gateway control protocol: ITU-T H.248 support for control of transport security using the datagram transport layer security (DTLS) protocol

1 Scope

The datagram transport layer security (DTLS) protocol [b-IETF RFC 4347], [IETF RFC 6347] is derived from, and thus aligned with, the transport layer security (TLS) protocol [IETF RFC 5246]. There are consequently many commonalities between the control of DTLS bearers and the control of TLS bearers in ITU-T H.248 gateways. ITU-T H.248-controlled TLS bearers are the subject of [ITU-T H.248.90] and [ITU-T H.248.91]. The purpose of this Recommendation is to define the usage of [ITU-T H.248.90] for DTLS bearers. It includes in particular:
– a description of DTLS-specific use cases;
– modelling information;
– a description of MG bearer plane differences between DTLS and TLS;
– the usage of the TLS-defined ITU-T H.248 packages for DTLS bearer types; and
– an extension package for the specific application of DTLS-SRTP [IETF RFC 5764].

Appendix I provides a non-exhaustive list of example use cases for DTLS in two slightly different areas of application:
1. DTLS as a “transport security” means for “DTLS-over-L4” or “L4-over-DTLS” IP bearer traffic; and
2. DTLS as a “key exchange” means for RTP/L4/IP bearer traffic using media security according to the secure real-time transport protocol (SRTP).

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T H.248.1] Recommendation ITU-T H.248.1 (2013), Gateway control protocol: Version 3.
[ITU-T H.248.88] Recommendation ITU-T H.248.88 (2014), Gateway control protocol: RTP topology dependent RTCP handling by ITU-T H.248 media gateways with IP terminations.
[ITU-T H.248.90] Recommendation ITU-T H.248.90 (2014), Gateway control protocol: ITU-T H.248 packages for control of transport security using transport layer security (TLS).
[ITU-T H.248.91] Recommendation ITU-T H.248.91 (2014), Gateway control protocol: Guidelines on the use of ITU-T H.248 capabilities for transport security in TLS networks in ITU-T H.248 profiles.
[ITU-T H.248.92] Recommendation ITU-T H.248.92 (2014), Gateway control protocol: Stream endpoint interlinkage package.
[ITU-T X.200] Recommendation ITU-T X.200 (1994) | ISO/IEC 7498-1:1994, Information technology – Open Systems Interconnection – Basic Reference Model: The basic model.
[IETF RFC 4572] IETF RFC 4572 (2006), Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP).
[IETF RFC 5246] IETF RFC 5246 (2008), The Transport Layer Security (TLS) Protocol Version 1.2.
[IETF RFC 5764] IETF RFC 5764 (2010), Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP).
[IETF RFC 6347] IETF RFC 6347 (2012), Datagram Transport Layer Security Version 1.2.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following term defined elsewhere:

3.1.1 transparent forwarding [ITU-T H.248.88]: MG packet forwarding behaviour with the characteristic of Lx-PDU integrity. This is a unidirectional characteristic of a Lx-PDU flow.

3.2 Terms defined in this Recommendation

This Recommendation defines the following term:

3.2.1 DTLS transparent forwarding: MG packet forwarding behaviour with the characteristic of DTLS-PDU integrity (Notes 1 and 2). This is a unidirectional characteristic of a DTLS-PDU flow.

NOTE 1 – A DTLS PDU relates to a DTLS message, i.e., a DTLS record as defined in [IETF RFC 6347]; the message formats carried within such records are inherited from [IETF RFC 5246].

NOTE 2 – Definition based on clause 3.1.1, i.e., the characteristic of PDU integrity comprises the properties of bit integrity and data integrity (see also clauses 3.1.1, 3.1.2 and 3.2.3 in [ITU-T H.248.88]).

NOTE 3 – “DTLS transparent forwarding” requires only DTLS message integrity; it does not require the MG to be DTLS unaware. The MG might be DTLS aware; e.g., support of DTLS-related statistics or event detection would not violate transparent forwarding behaviour, as long as the forwarded DTLS PDUs themselves are not modified.

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

B2BIH  Back-to-Back IP Host
DCCP  Datagram Congestion Control Protocol
DTLS  Datagram Transport Layer Security
EP  Endpoint
IFP  Internet Facsimile Protocol
IP  Internet Protocol
IPv4  Internet Protocol Version 4
IPv6  Internet Protocol Version 6
L3  Layer three
L4  Layer four
L4+  Above layer four
MAC  Message Authentication Code
MG  Media Gateway
MGC  Media Gateway Controller
MKI  Master Key Identifier
PSTN  Public Switched Telephone Network
RTP  Real-time Transport Protocol
SCTP  Stream Control Transmission Protocol
SDES  SDP Security Descriptions
SDP  Session Description Protocol
SEP  Stream Endpoint
SEPP  Stream Endpoint Pair
SIP  Session Initiation Protocol
SRTP  Secure RTP
SSL  Secure Sockets Layer
TCP  Transmission Control Protocol
TLS  Transport Layer Security
TPKT  Transport Protocol Data Unit Packet
UDP  User Datagram Protocol
UDPTL  (Facsimile) UDP Transport Layer (protocol)
WebRTC  Web-based Real-Time Communication (real-time communication in web browsers, as a work item in W3C)

5 Conventions

5.1 Conventions used in signalling flows

The following conventions are used in the example signalling flows:

L4 Est.req / L4 Est.ack: Abstracted (protocol-independent) representation for establishment requests/acknowledgements of new connection-oriented IP transport connections.
L4 Rel.req / L4 Rel.ack: Abstracted (protocol-independent) representation for release requests/acknowledgements of existing connection-oriented IP transport connections.
DTLS Est.req / DTLS Est.ack: Abstracted (DTLS message/procedure-independent) representation for establishment requests/acknowledgements of new DTLS security sessions.
DTLS Rel.req / DTLS Rel.ack: Abstracted (protocol-independent) representation for release requests/acknowledgements of existing DTLS security sessions.

5.2 DTLS endpoint notations

The notion of endpoint represents different concepts, which are illustrated in Figure 1.

Figure 1 – Conventions for DTLS endpoint types

Usage in:
ITU-T H.248 control: ITU-T H.248 terminations/stream endpoints with DTLS processing are denoted as DTLS-enabled termination or stream endpoint (SEP), respectively;
user plane (DTLS):